About this Book


NetIQ Identity Manager 4.8 Service Pack 3 provides new features and enhancements, improves
usability, and resolves several previous issues.


Many of these improvements were made in direct response to suggestions from our customers. We 
thank you for your time and valuable input. We hope you continue to help us ensure that our 
products meet all your needs. You can post feedback in the Identity Manager Community Forums on 
NetIQ Communities, our online community that also includes product information, blogs, and links 
to helpful resources. 


The documentation for this product and the latest release notes are available on the NetIQ Web site 
on a page that does not require you to log in. If you have suggestions for documentation 
improvements, click comment on this topic at the bottom of any page in the HTML version of the 
documentation posted at the Identity Manager Documentation Website. 


1 What’s New and Changed? 


Identity Manager 4.8.3 provides the following key features, enhancements, and fixes in this release: 


* New Features and Enhancements
* Component Updates
* Software Fixes


New Features and Enhancements 


Identity Manager 4.8.3 provides the following key functions and enhancements in this release: 


* Platform Support
* Support for Ansible-based Deployment of Identity Manager Containers
* Enhancements in Identity Applications
* Enhancements in Identity Manager Engine
* Enhancements in Designer


Platform Support 


In addition to the existing operating systems (OS), this service pack supports the following OS: 


* Red Hat Enterprise Linux (RHEL) 8.3
* Red Hat Enterprise Linux (RHEL) 7.9


Support for Ansible-based Deployment of Identity Manager 
Containers 


This release introduces support for a simplified and automated way of deploying Identity
Manager containers through Ansible. For more information, see Deploying Identity Manager
Containers Using Ansible.


Enhancements in Identity Applications


Identity Applications includes the following enhancements: 


Support for Searching Groups by Attributes Other Than Description 


Previously, the group search was supported only by the Description attribute. From this release, the
group search is enhanced to support the CN attribute. When the CN attribute is added in DAL and
enabled for searching, the Dashboard allows you to search for groups by that attribute.


For more information, see Entity Settings in the NetIQ Identity Manager - Administrator’s Guide to 
the Identity Applications. 


New Configuration Property Introduced In the Role and Resource Service 
Driver 


This release introduces a new driver property in the Role and Resource Service driver. 


Enable parallelization of role recalculation for user entities when an inherited role is added or removed 
from the parent role: When a child role is added to or removed from the parent role, the driver 
recalculates the role assignment for all the user entities. This new property allows you to enable 
parallel processing of multiple threads at a time. To enable this setting, set the value of the property 
to True. The default value is set to False. 


For more information, see Modifying the Role Service Driver Properties section in the NetIQ Identity 
Manager - Administrator’s Guide to Designing the Identity Applications. 


Ability of the Multi-threaded RRS Driver to Process Events Based on the 
Policy Weightage 


The multi-threaded Role and Resource Service driver is now enhanced and provides three different 
policy modules. The rules are set individually on these policy modules and a weight is assigned to 
each policy module to determine the order of policy execution. 


For more information, see How the Driver Works section in the NetIQ Identity Manager 4.8.3 - 
Administrator’s Guide to the Identity Applications. 


Ability to Sort Users Based On Any Attribute 


The Dashboard now allows you to sort users based on the attribute of your choice. By default, the 
Identity Applications sorts the list of users on the Dashboard based on their first name, irrespective 
of the user name format configured by the administrator in the Directory Abstraction Layer (DAL). A 
new setting is introduced in this release that allows you to customize that option. 


For more information on customizing this setting, see Configuring the Attribute for Sorting Users in 
Dashboard in the NetIQ Identity Manager - Administrator's Guide to the Identity Applications. 


Enhancements in Identity Manager Engine 


Identity Manager Engine includes the following enhancements: 


LDAP Query Publishes Driver Cache Information 


Identity Manager now publishes useful LDAP metrics that you can monitor. When you query the
CN=monitor entry, it publishes the age and number of transactions in a driver's cache along with the
count of processed operations.


The cache information enables you to identify the age of each entry in the driver’s cache and retain 
an entry for reporting based on the tenure. 


Enhancements in Designer 


Designer includes the following enhancements: 


Ability to Perform Search and Replace Operations from Modeler View 


The search operation available in Designer is further enhanced to include a replace option. The 
Modeler view in Designer now allows you to search for a string and then replace the string with a 
different one. 


For more information about using the search and replace feature, see The Search Results View in the 
Understanding Designer for Identity Manager. 


Ability to Configure the Form Backend URL for Identity Vault Instances
Individually


Designer introduces a new option that allows you to configure the Form Backend URL for each
instance of Identity Vault individually. For more information, see Workflow Forms in the NetIQ
Designer for Identity Manager Administration Guide.


Removes the GroupWise Applications And Classes From the Default 
Designer Schema 


This release removes optional applications, such as the GroupWise applications and classes, from
the default Designer schema.


Component Updates 


This section provides details on the component updates. 


Identity Manager Component Versions 


This release adds support for the following components in Identity Manager: 


* Identity Manager Engine 4.8.3
* Identity Manager Remote Loader 4.8.3
* Identity Applications 4.8.3
* Identity Reporting 6.6.2
* Identity Manager Designer 4.8.3
* Identity Manager Fanout Agent 1.2.5


Updates for Dependent Components 


This release adds support for the following dependent components: 


* NetIQ eDirectory 9.2.4
* NetIQ iManager 3.2.4

  You must upgrade to iManager 3.2.4 to support eDirectory 9.2.4. Ensure that you update your
  existing plug-ins to the latest versions for the iManager version you are using.

* NetIQ Self Service Password Reset (SSPR) 4.5.0.3
* NetIQ One SSO Provider (OSP) 6.4.3
* Sentinel Log Management for IGA 8.4


Third-Party Component Versions 


This release adds support for the following third-party components: 


* Azul Zulu 1.8.0_272
* Apache Tomcat 9.0.41-1


NOTE: The supported versions of ActiveMQ, Nginx, and the Universal CEF collector are the same as 
Identity Manager 4.8.2. For more information on the supported versions for these components, see 
Third-Party Component Versions in the NetIQ Identity Manager 4.8 Service Pack 2 Release Notes. 


Software Fixes 


NetIQ Identity Manager includes software fixes for the following components: 


* Installation and Upgrade
* Identity Manager Engine
* Identity Plugins
* Identity Applications
* Identity Reporting
* Designer


Installation and Upgrade 


NetIQ Identity Manager includes the following software fixes that resolve several previous issues in 
installation or upgrade: 


Issue to Load Customized OSP Login Page After Upgrade 

The Identity Applications upgrade now handles the customization and successfully loads the OSP 
login page. (Bug 230466) 

Identity Manager Engine 

NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity 
Manager Engine: 

Ability to Identify Invalid Inputs Specified for Dates in the Policy 


The token-convert-time action in a policy successfully identifies an invalid value specified for a date 
and reports an error in the driver logs. (Bug 230655) 


Ability to Deliver Emails Containing Attachments Successfully Using Do
Send Email from Template


Identity Engine is updated to deliver e-mails with attachments successfully using default and
customer templates. (Bug 231439)


Running IDM Monitoring Queries Successfully Handles Memory 
Utilization 


Identity Manager is updated to successfully run the IDM monitoring queries in a loop without
employing additional memory. (Bug 231531)


Rectified DirXML DTD Document for Designer 4.8.1 


The DTD document now specifies valid element definitions for the Designer to utilize. (Bug 257187) 


Ability To Generate the Log Files in the Specified Directory When Starting 
Remote Loader From Default Location 


The log files are now generated in the correct directory when you start rdxml using the
/etc/init.d command. (Bug 231492)


Identity Manager Engine Generates Email Notifications with Content 
Type as per the Content of the Email 


The updated Identity Manager Engine now sends all the email notifications with appropriate content 
type. (Bug 273053)


Ability to Successfully Start Drivers Using ZoomDB Through the Java
Remote Loader 


The drivers using ZoomDB are now updated to start successfully when initialized using Java Remote 
Loader. The NICI dependency is removed for Java Remote Loader. (Bug 313089) 


Enhanced query-ex Functionality Returns Accurate Search Results 


The query-ex functionality is updated to return accurate search results when the get-token element 
is used in the query. (Bug 311264) 


Identity Plugins 


NetIQ Identity Manager includes software fixes that resolve previous issues in the Identity Plugins:


Identity Plugin Enables to Select CEF Audit Events at Driver Level
Successfully


The updated Identity Plugin successfully allows you to select events in the Log Level page.
(Bug 230995)


Identity Plugin Allows to Create Work Order in Work Order Management 
Page Successfully 


When you create a new work order and browse, the Identity Plugin no longer displays any
prompt. It displays the list of drivers with their respective statuses. (Bug 280040)


Identity Applications 


NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity 
Applications: 


Requesting Permissions for Self Returns Correct Results 


The search functionality for requesting permissions for self is enhanced to return correct results. 
(Bug 231397) 


Dashboard Does not Freeze When the Filter in the Advanced Search on 
the People page is Empty 


By default, the Filter option in the Advanced search on the People page gets disabled, when the filter 
is empty. (Bug 231397) 


Ability to Correctly Display the Localized Text for All Locales on the 
Request History Page 


The Request History page displays all text in the selected locales correctly. (Bug 232002) 


Ability to Re-enable Users Through the Dashboard


The Dashboard is now enhanced and allows you to re-enable those users that are disabled in
eDirectory. (Bug 232054)


Removal of Roles Does not Throw Any Exceptions When Roles are
Recalculated


The RRSD driver now handles the role recalculation successfully after the role is removed from a
user. (Bug 232099)


Access Widget on the Dashboard Displays Correct Values for Recently 
Added Entries 


The access widget for the dashboard is enhanced to display correct results for recently added 
entries. (Bug 276098) 


Increased the Column Size of localizedvalue.localization.igaworkflowdb 
to 1024 Characters 


The column size of localizedvalue.localization.igaworkflowdb is the same as that of
localizedvalue.localization.idmuserappdb. The column size of
localizedvalue.localization.igaworkflowdb is now increased to 1024 characters. (Bug 278147)


Null Pointer Exceptions are No Longer Observed When DNLookUp is
Empty


The null pointer exception observed in the logs is no longer seen when the DNLookUp field has an
empty value. (Bug 279046)


Ability to Display the Translated Text in All Locales Correctly When a Non- 
admin User Tries to Access idmadmin URL 


The message indicating that the non-administrator user will be redirected to a different page, when 
the user access is restricted, is now translated correctly for all locales. (Bug 283805) 


Ability of the Dashboard to Display the Status and Request Status 
Separately 


The dashboard now displays two separate fields: the role status that was used by the filter while
searching for a specific role and the request status. (Bug 283163)


Request History Page Displays Accurate Results When the Page Size is Set
to 1000 or Higher 


The Dashboard now retrieves accurate results when the Request History page for other users is 
configured to display 1000 or more results per page. (Bug 285139) 


Audit Event for Role Request Displays Correct nrfStatus After a Role is 
Provisioned 


The nrfStatus for a role request that is provisioned is now updated to display the correct value, that 
is, 50. (Bug 285147)


Ability to Stop Users from Revoking Their Own Permissions


The Dashboard is updated to prevent users from revoking their own permissions. The entitled users,
however, can still perform this operation. (Bug 288085)


sendNotification Endpoint Works as Expected


The sendNotification SOAP endpoint is updated to send e-mails to the specified e-mail ID.
(Bug 289101)


Customdbupdate Populates the Processnames and Defaultnames 
Columns Correctly 


The customdbupdate in Identity Applications now populates all the columns correctly. (Bug 290025) 


IDVault.getObjectType Works As Expected When Used in a Condition 
Activity 


The IDVault.getObjectType, that used to return empty results, now works as expected. (Bug 295163) 


Ability to Display the Activity ID for Workflow Events 


The Workflow events are now enhanced to display the Activity IDs for each of the events. This
information can be observed in the log file. (Bug 300011)


Updated Message Displayed to Users When the Search Exceeds the 
Search Size Limit 


The message displayed to the user, when the search exceeds the size limit, is now updated. The log 
level for this message is set to Debug. (Bug 300113) 


Ability of the getResourceOwners API to Correctly Retrieve the List of 
Owners Assigned to a Resource 


The getResourceOwners API is updated to correctly retrieve the list of owners assigned to a
resource. (Bug 300164)


getWorkRequest SOAP Request Returns Responses Correctly 


The getWorkRequest SOAP API is updated by setting the date in the correct format. The responses 
are returned correctly for the data items sent for the SOAP request. (Bug 301012) 


Ability to Notify the Users That the Approval Form is Successfully 
Submitted When the Dashboard Session is Not Active on a Different 
Browser Window 


The Dashboard is enhanced to notify that the reviewer has successfully submitted the approval form 
when the session is not active on a different browser window. (Bug 301242) 


Ability to Successfully Search for Permissions Through the Request > 
Others Option 


The proxy users can now successfully search for other’s permissions through the Request > Others 
page. (Bug 302069) 


Data Items are Correctly Added After the PRDs are Approved 


The data items are now added correctly during the PRD approval process when the REST endpoints
are used for approvals. (Bug 312024)


Identity Reporting 


NetIQ Identity Manager includes the following software fixes that resolve several previous issues in 
Identity Reporting: 


Supports Special Character , in Group Names 


Identity Reporting now enables you to use the special character , in the group names. (Bug 232143) 


Ability To Specify # As the First Character for Group Names 


Identity Reporting now allows you to use the special character # as the first character for group 
names. (Bug 232142)


Ability to Handle the Processing of Events When an Entitlement Name
Includes a White Space 


Identity Reporting now allows you to process events to the Reporting database when an entitlement 
name that included a white space is modified to a different value. (Bug 295101) 


Ability to Synchronize any Objects Successfully to the Identity Reporting
Database When the Object Name Contains Hyphen or Underscores


The DCS driver is now enhanced and has the ability to synchronize objects to the Identity Reporting
database when the object name contains hyphen or underscores. The hyphens and underscores are
treated as different characters and the object names are synchronized correctly. (Bug 319062)


Identity Reporting Does Not Display Any Errors When the DCS Driver Tries
to Send The Same Event Containing a Parsing Error to the Reporting
Database


This issue is resolved. You must update the Data Collection Services driver to the latest version. For
more information, see NetIQ Identity Manager 4.2.1.0 Data Collection Services Driver Readme.
(Bug 256188)


Ability to Handle Data Collection Services After Upgrading Identity 
Reporting 


This issue is resolved. You must update Managed System Gateway driver to the latest version. For 
more information, see NetIQ Identity Manager 4.2.2.1 Managed System Gateway Driver Readme. 
(Bug 302052) 


Ability To Populate Data In the Correct Format When Reports Are 
Generated After The Roles Are Assigned To Groups and Containers 


This issue is resolved. You must update the Roles and Resource Service driver to the latest version. 
For more information, see NetIQ Identity Manager 4.8.3 Roles and Resource Service Driver Readme. 
(Bug 287067) 


Designer 


NetIQ Identity Manager includes software fixes that resolve several previous issues in Designer: 


Ability to Successfully Import the ECMA Script Through a Configuration 
File 


Designer now allows you to successfully export the ECMA scripts or objects to a configuration file 
and then import the same configuration file into Designer. (Bug 287195) 


Ability to Modify Policies Containing the src Attributes 


Designer now allows you to modify policies containing the src attribute. Use the Find & Replace
option introduced in Designer to modify the value from src to source. For more information, see
The Search Results View in the Understanding Designer for Identity Manager. (Bug 300080)


Designer Loads Successfully After Importing the .wsdl File for an
Integration Activity


An intermittent issue, where Designer hangs while importing a .wsdl file for an integration activity,
is now resolved. (Bug 283420)


Ability to Successfully Import the Schema Changes From Outline View 
Using the Live Menu 


Designer now allows you to import the schema changes successfully from the Outline View using the 
Live > Import Schema option. (Bug 285191)


Installing or Updating to This Service Pack


For information on installing or updating to this service pack, see the NetIQ Identity Manager 4.8.3: 
Installation and Upgrade Guide.


Known Issues


NetIQ strives to ensure our products provide quality solutions for your enterprise software needs. 
The following issues are currently being researched. If you need further assistance with any issue, 
contact Technical Support. 


* Unable to Assign the Role with SoD Constraint to a User
* Permission Related Errors Reported When Running Report Definitions SQL Scripts on Oracle
* Dashboard Does Not Indicate Whether the Reviewer Submitted the Approval Form Successfully or Not
* Designer Does Not Save XML Content When the Code Map Refresh Value Is Set to True
* Adding a Role as Trustee Causes an Exception While Loading Navigation Items on Dashboard
* Data Collection State Resets to Suspended When the Identity Reporting Container Is Deployed Manually
* Token-Convert-Time Fails to Convert Date and Time in a Policy
* Policy Validation in Designer Results in Multiple Errors


Unable to Assign the Role with SoD Constraint to a User 


Issue: In a normal scenario, when you request a role for users that conflicts with the user’s current 
role, the SoD policy applied to the conflicting role invokes an SoD approval flow. The SoD approvers, 
which may be selected approvers or default approvers set in the separation of duties settings, 
receive a corresponding task in their Tasks list. Once the task is approved, the requested role is 
assigned to the user. However, when you add a new user to the default approvers’ list in the 
separation of duties settings, the SoD policy fails to add a task in the newly-added user's task list. 
This results in an error message and the subsequent failure of the role assignment. (Defect 
267078) 


Workaround: To resolve this issue, restart the tomcat service in the identity applications server 
whenever you add a new user to the default approvers list in the separation of duties settings. 


Permission Related Errors Reported When Running Report 
Definitions SQL Scripts on Oracle 


Issue: The database configuration process reports permission-related errors while running report
definition SQL scripts on Oracle. (Bug 230857)


Workaround: To work around this issue, perform the following steps before you configure Identity
Reporting:

1. Log in to the Identity Reporting server as database admin (sysdba) user. 

2. Open a database administrator tool such as Oracle SQL developer. 


3. Run the following scripts: 


alter session set "_ORACLE_SCRIPT"=true;

CREATE OR REPLACE PROCEDURE create_dcs_roles_and_schemas(
    idm_rpt_data_password character varying,
    idmrptuser_password character varying)
AUTHID CURRENT_USER
AS
    cnt number;
BEGIN
    /* Create user IDM_RPT_DATA if it does not exist already */
    select count(*) into cnt from ALL_USERS WHERE USERNAME = 'IDM_RPT_DATA';
    IF cnt = 0 THEN
        /* The password is concatenated into the statement as supplied */
        execute immediate 'CREATE USER idm_rpt_data IDENTIFIED BY ' ||
            idm_rpt_data_password;
        DBMS_OUTPUT.put_line('Created user idm_rpt_data');
    END IF;

    /* Grant rights to the idm_rpt_data user */
    execute immediate 'GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW,
        CREATE PROCEDURE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE
        to idm_rpt_data';
    DBMS_OUTPUT.put_line('Granted rights to user idm_rpt_data');

    /* Create user IDMRPTUSER if it does not exist */
    select count(*) into cnt from ALL_USERS WHERE USERNAME = 'IDMRPTUSER';
    IF cnt = 0 THEN
        execute immediate 'CREATE USER idmrptuser IDENTIFIED BY ' ||
            idmrptuser_password;
        DBMS_OUTPUT.put_line('Created user idmrptuser');
    END IF;

    /* Grant rights to the idmrptuser user */
    execute immediate 'GRANT CREATE SESSION to idmrptuser';
    DBMS_OUTPUT.put_line('Granted rights to user idmrptuser');
END;
/

CREATE OR REPLACE PROCEDURE create_rpt_roles_and_schemas(
    idm_rpt_cfg_password character varying)
AUTHID CURRENT_USER
AS
    cnt number;
BEGIN
    /* Create user IDM_RPT_CFG if it does not exist */
    select count(*) into cnt from ALL_USERS WHERE USERNAME = 'IDM_RPT_CFG';
    IF cnt = 0 THEN
        execute immediate 'CREATE USER idm_rpt_cfg IDENTIFIED BY ' ||
            idm_rpt_cfg_password;
        DBMS_OUTPUT.put_line('Created user idm_rpt_cfg');
    END IF;

    /* Grant rights to the idm_rpt_cfg user */
    execute immediate 'GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW,
        CREATE PROCEDURE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE
        to idm_rpt_cfg';
    DBMS_OUTPUT.put_line('Granted rights to user idm_rpt_cfg');
END;
/
exec CREATE_DCS_ROLES_AND_SCHEMAS('<DB password>', '<DB password>');
/
exec CREATE_RPT_ROLES_AND_SCHEMAS('<DB password>');
/
alter session set "_ORACLE_SCRIPT"=false;


4. Configure Identity Reporting. 


Dashboard Does Not Indicate Whether the Reviewer 
Submitted the Approval Form Successfully or Not 


Issue: When the reviewer opens an approval form through an e-mail link and acts on the request, 
the approval form does not close automatically after the form is submitted. This issue only occurs 
when the Dashboard session is not active on a different browser window. 


Workaround: To redirect the reviewer to the Dashboard page upon submitting the approval form, 
perform the following steps: 
1 Navigate to the config.ini file on the server where Identity Applications is installed.
   Linux: /opt/netiq/idm/apps/sites
   Windows: C:\netiq\idm\apps\sites\
2 Edit the config.ini file to add the Identity Manager Dashboard page URL.
   IDMDashboardURL=https://<server IP>:<port>/idmdash
3 Restart the NGINX service.
   systemctl restart netiq-nginx.service


Designer Does Not Save XML Content When the Code Map
Refresh Value Is Set to True 


Issue: When you set the value of the code-map-refresh to True and save the XML file, Designer
does not save the changes. Instead, Designer removes the newly-added content for the
code-map-refresh.


Workaround: There is no workaround at this time. 


Adding a Role as Trustee Causes an Exception While 
Loading Navigation Items on Dashboard 


Issue: Identity Applications allows you to hide specific tabs on the Dashboard through the
<client_name>.json file. This feature works as expected when users, containers, or groups are
configured as a trustee in the <client_name>.json file. However, when you configure Role as a
trustee to display specific tabs only for that role, Identity Applications fails to display the tabs for all
users on Dashboard.


Workaround: To resolve this issue, perform the following actions: 


1 Log in to the Identity Applications server.

2 Navigate to the /opt/netiq/idm/apps/tomcat/conf/clients/ directory.

3 Open the <client_name>.json file and navigate to the section where you have set the role
as a trustee. For example,

   {
     "key": "people",
     "value": [{
       "dn": "cn=abcrole, cn=Level30, cn=RoleDefs, cn=RoleConfig, cn=AppConfig, cn=User Application Driver, cn=driverset1, o=system",
       "name": "abcrole",
       "type": "role"
     }],
     "type": "navItem",
     "areaDefault": false,
     "disableAreaDefault": true,
     "isDisabled": false,
     "displayLabel": "People",
     "page": null,
     "expanded": true,
     "level": 1,
     "selected": false
   },

4 Delete the content specified within the “value” attribute. For example,

   {
     "key": "people",
     "value": [],
     "type": "navItem",
     "areaDefault": false,
     "disableAreaDefault": true,
     "isDisabled": false,
     "displayLabel": "People",
     "page": null,
     "expanded": true,
     "level": 1,
     "selected": false
   },

NOTE: Ensure that the value of the isDisabled attribute is set to False.

5 Save the <client_name>.json file.

6 Restart Tomcat.
   systemctl restart netiq-tomcat.service

7 Log in to Identity Manager Dashboard.

8 Navigate to Settings > Access.

9 Add the required trustees.
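
Steps 3 and 4 of this workaround, scripted as an added example (not NetIQ's code): it finds every navItem whose "value" list contains a trustee of type role, empties that list, sets isDisabled to false as the NOTE requires, and returns what it removed so the trustees can be re-added in step 9. The overall layout of <client_name>.json, the function names and the second sample entry are assumptions.

```python
import json
import shutil

# Constructed sample: the first entry mirrors the nav item shown in step 3;
# the second is an invented group-trustee entry that must stay untouched.
SAMPLE = """[
  {"key": "people",
   "value": [{"dn": "cn=abcrole,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system",
              "name": "abcrole", "type": "role"}],
   "type": "navItem", "isDisabled": false, "displayLabel": "People"},
  {"key": "access",
   "value": [{"dn": "cn=helpdesk,ou=groups,o=data", "name": "helpdesk", "type": "group"}],
   "type": "navItem", "isDisabled": true, "displayLabel": "Access"}
]"""


def iter_nav_items(node):
    """Yield every object in the JSON tree whose "type" is "navItem".

    The file's top-level layout is an assumption, so any nesting is accepted.
    """
    if isinstance(node, dict):
        if node.get("type") == "navItem":
            yield node
        for child in node.values():
            yield from iter_nav_items(child)
    elif isinstance(node, list):
        for child in node:
            yield from iter_nav_items(child)


def clear_role_trustees(config):
    """Apply steps 3 and 4 in place and return a record of what was removed."""
    removed = []
    for item in list(iter_nav_items(config)):
        trustees = item.get("value")
        if not isinstance(trustees, list):
            continue
        if any(isinstance(t, dict) and t.get("type") == "role" for t in trustees):
            removed.append({
                "key": item.get("key"),
                "trustees": trustees,
                "was_disabled": item.get("isDisabled"),
            })
            item["value"] = []          # step 4: delete the content of "value"
            item["isDisabled"] = False  # NOTE under step 4
    return removed


def apply_to_file(path):
    """Rewrite the client file if needed, keeping a .bak copy of the original."""
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    removed = clear_role_trustees(config)
    if removed:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
    return removed


if __name__ == "__main__":
    config = json.loads(SAMPLE)
    for entry in clear_role_trustees(config):
        names = ", ".join(t.get("name", "?") for t in entry["trustees"]
                          if isinstance(t, dict))
        print(f'{entry["key"]}: re-add in Settings > Access: {names}')
```

Keep the returned list: it is the only record of which trustees each tab had before the "value" content was deleted.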


Data Collection State Resets to Suspended When the 
Identity Reporting Container Is Deployed Manually 


Issue: In the Identity Manager Data Collection Services (IDM DCS) user interface, when you set the 
data collection state to Active and save your changes, the state automatically resets to Suspended. 
The data collection does not work in this scenario. 


This issue is randomly observed only when the Identity Reporting container is manually deployed 
(without Ansible) in a fresh container deployment scenario. 


Token-Convert-Time Fails to Convert Date and Time in a
Policy


Issue: Performing policy simulation in a Designer policy with token-convert-time displays an error.
(Bug 323025)


Workaround: To resolve this issue, perform the following actions: 


1 Stop Designer.

2 Back up the dirxml.jar file from the <Designer installed
folder>\plugins\com.novell.core.jars_4.0.0.<latest>\lib location.

3 From an Identity Manager Engine 4.8.3 Hotfix 1 server, copy the dirxml.jar file to the <Designer
installed folder>\plugins\com.novell.core.jars_4.0.0.<latest>\lib
location.

   * For Linux: copy the file from the /opt/novell/eDirectory/lib/dirxml/classes
     location.

   * For Windows: copy the file from the C:\NetIQ\IDM\NDS\lib location.

4 Start Designer.


Policy Validation in Designer Results in Multiple Errors 


Issue: When you validate a policy in Designer, the project checker displays incorrect errors. Errors
such as A '(' character or an element type is required in the declaration of element type "if-dest-attr"
and errors against valid policies from REST, SAP, AD and other drivers are reported. (Bug 322013)


Workaround: Manually modify the if-dest-attr and if-src-attr attributes in the
dirxmlscript4.8.3.dtd document available at the DTD location. For example:
C:\NetIQ\IDM\apps\Designer\plugins\com.novell.idm.policybuilder_4.0.0.202102182056\DTD\dirxmlscript4.8.3.dtd


In the dirxmlscript4.8.3.dtd document, search for and replace the following attribute rules:


* <!ELEMENT if-dest-attr (((arg-dn | arg-association),( value? | component* ))? | (#PCDATA | component)*)>
  to
  <!ELEMENT if-dest-attr (#PCDATA | component | arg-dn | arg-association | value)*>


* <!ELEMENT if-src-attr (((arg-dn | arg-association),( value? | component* ))? | (#PCDATA | component)*)>
  to
  <!ELEMENT if-src-attr (#PCDATA | component | arg-dn | arg-association | value)*>